Orders
A read-only activity feed of recent orders for a merchant — the projection the dashboard's Activity page consumes.
The orders feed is the merchant-facing read projection of terminal gate outcomes. The rows are written by the ingest path (and the managed checkout path); this endpoint just reads them back, newest first.
GET /v1/orders
| Auth | API key · scope orders:read |
|---|---|
| Query | merchant_id (optional), limit (1–100, default 50) |
Response — 200
{
"data": [
{
"id": "ord_01J…",
"session_id": "…",
"merchant_id": "mrch_01J…",
"agent_id": "11111111-1111-1111-1111-111111111111",
"decision": "accept",
"total": { "currency": "USD", "subtotal": "25.00", "tax": "0.00", "total": "25.00" },
"rail_name": "x402",
"settlement_ref": "0xabc…",
"receipt_id": "rcpt_01J…",
"mandate_type": "veto",
"trust_tier": "trusted",
"created_at": "2026-06-24T12:00:00.000Z"
}
],
"has_more": false,
"next_cursor": null
}total is the exact-decimal cart total (or null). decision is one of accept, reject,
hold. mandate_type is veto, ap2, acp, or none. trust_tier is premium,
trusted, standard, or cautious.
curl "https://api.veto-ai.com/v1/orders?merchant_id=mrch_01J…&limit=50" \
-H "Authorization: Bearer veto_test_8f2c…"Validate & publish
The publish gate. Validate runs the SDK's pure config validator over your draft; publish validates, then activates the newest policy version and rebuilds the manifest.
Manifest & JWKS serving
The public, agent-facing discovery surface served in hosted mode — the manifest, the receipt JWKS, and a path-form catalog mirror, with ETag caching and open CORS.